This blog is a service of Alston & Bird's Privacy & Data Security team and focuses on key data privacy and data security issues.

Tag Archives: State Attorneys General

On March 21, 2017, New York Attorney General (NYAG) Eric T. Schneiderman announced that his office had received a record breaking 1,282 data breach notices to his office affecting 1.6 million New York residents during 2016. Compared to 2015, these figures represent a 60 percent increase in the number of notices and a 300 percent increase in the number of New York residents affected. These research figures build on the NYAG’s 2014 report “Information Exposed: Historical Examination of Data Security in New York State,” which analyzed eight years of security breach statistics in New York from [...] Read more

Nebraska Governor Pete Ricketts has signed LB835 into law, updating the state’s data breach notification statute. The changes take effect on July 20, 2016.
With the updates, Nebraska joins a growing number of states that include a username or email in combination with a password or security question and answer that would permit access to an online account in the definition of personal information which, if acquired by an unauthorized person, would require notice.
In addition, the statute has been modified to require notice to the state’s Attorney General concurrent with notice provided [...] Read more

Illinois Governor Bruce Rauner vetoed a bill amending the state’s data breach notification law on August 21, 2015, saying in a letter to the General Assembly that the bill “goes too far, imposing duplicative and burdensome requirements that are out-of-step with other states.” The bill, S.B. 1833, would have amended Illinois’ Personal Information Protection Act (“PIPA”). Gov. Rauner took issue only with a few specific provisions and promised to sign the bill if the issues were addressed by the General Assembly.
In particular, the Governor disagreed with the addition of “consumer [...] Read more

In what may become viewed as the de facto standard for selling customer information in bankruptcies, a Delaware bankruptcy court approved, on May 20, 2015, a multi-party agreement that would substantially limit RadioShack’s ability to sell 117 million customer records. The agreement was entered into by RadioShack Corp., General Wireless Inc., and 17 state attorney generals as part of the former’s ongoing bankruptcy proceeding. Despite its original intention to sell all of its customer records, RadioShack entered into the agreement in response to filings made by 36 state attorney generals [...] Read more